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Introduction 


Healthcare providers have a responsibility to keep personal and sensitive data safe. In addition to the 
damage that can be done to a brand’s reputation, data loss or a security breach can result in hefty fines 
due to the Health Insurance Portability and Accountability Act (HIPAA). Businesses operating in the 
healthcare industry can be HIPAA compliant and avoid data leaks with the use of Parallels® Remote 
Application Server (RAS). 


This white paper provides a high-level overview of HIPAA compliance and explains how Parallels 
RAS features provide optimal solution to application, and desktop virtualization for Healthcare 
providers. 


Health Insurance Portability and Accountability Act (HIPAA) 


In 1996, the HIPAA legislation was enacted in the United States. It provides data privacy and security 
policies for safeguarding medical information. These regulations have become more relevant due to the 
proliferation of cyber-attacks, compromising the security of health and medical companies around the 
world. HIPAA has been updated several times since it was initially enacted. The Security Rule, which is 
most applicable to this discussion, took effect in 2003. Additional rules have been added and modified 
over the past 20 years. 


HIPAA Titles and Rules 


HIPAA is broken up into five different Titles. This document focuses on how Parallels RAS assists IT 
professionals in building an IT infrastructure that is compliant with the policies included in the Privacy 
and the Security Rule of Title Il: Preventing healthcare fraud and abuse; administrative simplification; 
medical liability reform. 


Privacy Rule 


The Privacy Rule establishes standards and regulates the use and disclosure of the Protected 
Health Information (PHI) and medical records of individuals. 


Security Rule 


The Security Rule is closely related to the Privacy Rule and establishes a standard for 
protection of the information on data access, transmission, and storage. Three types of 
safeguards are required— administrative, physical, and technical—to ensure the confidentiality, 
integrity, and security of the information. 


Healthcare Providers Need to Be Compliant 


A HIPAA violation occurs when a healthcare provider fails to comply with one or more of the 
provisions of the HIPAA Rules. There are four categories of violations and each has a 
corresponding tier of penalties. Fines vary from $100 (category “one”) to $50,000 (category “four”) 
per violation or record. The maximum penalty is $1.5 million per year for each violation. 


Parallels RAS Assists in Building a HIPAA Compliant IT Infrastructure 


Parallels RAS is an application and virtual desktop delivery solution that enables healthcare providers to 
create their own private and secure cloud. When using Parallels RAS, Protected Health Information (PHI) 
and medical records of individuals never leave this private cloud. Parallels RAS is a perfect solution for 

healthcare providers who need to maintain a HIPAA compliant IT infrastructure, facilitating adherence to 
the policies defined in the administrative, physical, and technical safeguards of the HIPAA Security Rule. 
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Administrative, Physical, and Technical Safeguards 


Administrative Safeguards are policies and procedures designed to manage the selection, development, 
implementation, and maintenance of security measures to protect electronic protected health 
information. Physical Safeguard are the physical measures, policies, and procedures to protect covered 
entity’s electronic information systems, including the protection of buildings and equipment from natural 
and environmental hazards, and unauthorized intrusion. 


Finally, Technical Safeguards are the technology and the policy and procedures for its use that protect 
electronic Protected Health Information (PHI) and control access to it. 


Parallels RAS helps healthcare providers build a complete and secure environment as follows: 
e Central management of applications and desktops. 


e |T professionals can dynamically control who accesses which applications and desktops. They 
can also control the times when data can be accessed and maintain a log of every user action. In 
order to simplify General Data Protection Regulation (GDPR) compliance maintenance, RAS 
provides a tool that allows administrators to remove all logged data for any specified user. 


e VDI desktops can be restricted through RAS Infrastructure: necessary permissions will be granted 
during logon process and revoked on logoff. 


e Integration with Microsoft Active Directory, where each user has a unique User Principal Name 
(UPN), can be enhanced with a multifactor authentication solution such as Google Authenticator or 
Microsoft Azure MFA server. Unique identifications guarantee that each person is uniquely 
traceable. 


e Configurable policies determine which clients can connect to the environment (Mac address, client 
type, etc.) and what data they can access, ensuring data is only accessed by authorized users. 


e IT professionals can lockdown client guests and configure user policies that transform the client 
device into a thin client/kiosk mode. Windows10 PIN-code based login feature is completely 
integrated with RAS Client Single Sign On. 


e Centralization of data and processes, with everything hosted in the private cloud. If a device is 
compromised, the setup can be restored in minutes using linked clone technology and the 
Parallels RAS prep tool without altering data or risking data loss. 


e User sessions are centrally managed. IT professionals determine under what conditions users can 
be disconnected or logged off from their applications or desktop. Administrators can also define 
the VDI desktops behavior after users’ logoff process — unassign, Suspend, shutdown or reboot. 
All this can be defined via template configurations. 


e Centralized monitoring and reporting. RAS Performance Monitoring tool centralizes all your 
company RAS deployments in a single panel, even in multi-farm scenarios or RDS groups-based 
setups. Apart from a complete set of reports already included out-of-the-box, custom reports can 
be also defined. 


e Parallels RAS integrates with Transport Layer Security (TSL) protocol to guarantee an end-to-end 
encrypted and secure channel between the remote client and the server. 


e On-premise, hybrid, and cloud deployments, such as Microsoft Azure, Alibaba Cloud and 
Amazon Web Services (AWS), are supported. Under emergency circumstances, a hybrid 
deployment can guarantee business continuity. 
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The diagram below shows one implementation of Parallels RAS in acompany: 
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Additional Features of Parallels RAS 


Easy Installation and Quick Setup Saves Time 


Healthcare providers can get started easily with the Parallels RAS straightforward and easy installation 
process. The default setup ensures that main infrastructure components are completely installed and 
configured (SSL, HTML5 client support, Load Balancing). There is no learning curve so users can start 
in the environment within minutes. 


All Features Included with Licensing 


All enterprise features are included in the same product license. Companies do not have to choose 
among complex sets of features and products editions. License only the number of concurrent users 
connected to the environment—the same license includes published applications solutions and Virtual 
Desktop Infrastructure (VDI) solutions. 


Parallels RAS Client Available for a Variety of Devices 


The Parallels RAS client is available for Windows, Mac, and Linux operating systems. It can also be 
installed on mobile devices such as Android or iOS phones. In addition, published resources are 
accessible from any HTML5 enabled-browser, making Parallels RAS a client-independent solution, 
perfect for Bring Your Own Device (BYOD) or Choose Your Own Device (CYOD) scenarios found in 
fast paced environments such as hospitals. 


Auto-Provisioning and Auto-Scaling 


Parallels RAS can dynamically create and release machines to guarantee that the load hold by each 
server or desktop complies with the criteria predefined by IT. With very good response time, in the 
case of load peaks, it guarantees an optimized use of the company resources. 
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Easy Migration 


Migration to Parallels RAS from any other third-party solution, such as Citrix XenApp, is simple and 
straightforward. Parallels offers detailed procedures and, in some scenarios, a migration tool to help 
complete the virtualization setup without downtime. 


Parallels RAS Helps IT Professionals Build a HIPAA Compliant Infrastructure 


Ensuring data security is vital for any company. When medical or health data is involved, a security 
breach may lead to HIPAA violation and a disastrous economical penalty. Don’t become another 
statistic: Parallels RAS is the ideal desktop and application delivery solution to help IT 
professionals build a HIPAA compliant infrastructure. 


Windows Server 2019 Support 


All RAS Infrastructure components are compatible with Windows Server 2019. Additionally, 
Virtual Desktop Infrastructure (VDI) desktops and Remote Desktop Session Host (RDSH) servers 
can be provisioned, scaled and maintained on Microsoft Hyper-V 2019. 


Session Pre-Launch 


With RAS administrators can enable the session pre-launch feature to reduce application launch 
time. Using cutting-edge Artificial Intelligence (Al) technology, RDP sessions are started 
automatically just a few minutes before the user normally starts the applications to improve the 
user experience and reduce waiting times. 


VDI solution Scale Computing HC3 Support 


Among the complete list of supported hypervisors such as VMware ESXi and Microsoft Hyper, 
RAS also supports Scale Computing HC3 support for VDI deployments. Scale Computing HC3 
is anew hyperconverged infrastructure, which includes compute, storage, virtualization, backup 
and disaster recovery in a single system. With Scale Computing HC3, RAS administrators can 
provide faster VDI solutions at a more affordable price. 
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